JASPIC Provider for FORM based Authentication

["Keil, Matthias (ORISA Software GmbH)" <Ma...@orisa.de>]

Hello everyone,

I take up a topic of my own again. The point there was that I would like to accommodate both the configuration and the actual Server Auth module within the application.
That worked well with your advice.

Unfortunately, I have now reached the point where this solution works for one application, but a parallel application on the same Tomcat then also uses the Server Auth module. There is a <login-config> entry in the web.xml of the second application.
In my opinion, this is ignored as soon as JASPIC is configured for this Tomcat (either statically with jaspic-providers.xml or dynamically by implementing an AuthConfigProvider).

Now here are my questions:
1. Is there a possibility to activate the JASPIC provider for only one of the two applications?
2. OR there is an AuthConfigProvider that could implement the FORM based authentication.


thanks in advance

Matthias

Re: AW: JASPIC Provider for FORM based Authentication

[Christopher Schultz <ch...@christopherschultz.net>]

Mark,

On 12/3/21 05:29, Mark Thomas wrote:
> On 03/12/2021 10:00, Keil, Matthias (ORISA Software GmbH) wrote:
>> Hi Mark, sorry for the late reply. Unfortunately I was sick.
>>
>> Thanks for your advice. The error was in front of the computer 😉. I 
>> had misspelled the context path in the appContext
>>
>> Now it works as expected
> 
> Glad you fixed it and thanks for reporting back. It is always good to 
> have the solution in the archives.

+1

And Matthias, I would really love it if you would consider doing a 
presentation on JASPIC for the next ApacheCon.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: AW: JASPIC Provider for FORM based Authentication

[Mark Thomas <ma...@apache.org>]

On 03/12/2021 10:00, Keil, Matthias (ORISA Software GmbH) wrote:
> Hi Mark, sorry for the late reply. Unfortunately I was sick.
> 
> Thanks for your advice. The error was in front of the computer 😉. I had misspelled the context path in the appContext
> 
> Now it works as expected

Glad you fixed it and thanks for reporting back. It is always good to 
have the solution in the archives.

Mark


> 
> Best regards
> 
> Matthias Keil
> 
> -----Ursprüngliche Nachricht-----
> Von: Mark Thomas <ma...@apache.org>
> Gesendet: Montag, 22. November 2021 18:28
> An: users@tomcat.apache.org
> Betreff: Re: JASPIC Provider for FORM based Authentication
> 
> On 22/11/2021 12:00, Keil, Matthias (ORISA Software GmbH) wrote:
>> Hello everyone,
>>
>> I take up a topic of my own again. The point there was that I would like to accommodate both the configuration and the actual Server Auth module within the application.
>> That worked well with your advice.
>>
>> Unfortunately, I have now reached the point where this solution works for one application, but a parallel application on the same Tomcat then also uses the Server Auth module. There is a <login-config> entry in the web.xml of the second application.
>> In my opinion, this is ignored as soon as JASPIC is configured for this Tomcat (either statically with jaspic-providers.xml or dynamically by implementing an AuthConfigProvider).
>>
>> Now here are my questions:
>> 1. Is there a possibility to activate the JASPIC provider for only one of the two applications?
> 
> The intention is that the appContext attribute for the provider in the jaspic-providers.xml file limits the JASPIC configuration to a single web application.
> 
>> 2. OR there is an AuthConfigProvider that could implement the FORM based authentication.
> 
> Not that I am aware of.
> 
> Mark
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

AW: JASPIC Provider for FORM based Authentication

["Keil, Matthias (ORISA Software GmbH)" <Ma...@orisa.de>]

Hi Mark, sorry for the late reply. Unfortunately I was sick.

Thanks for your advice. The error was in front of the computer 😉. I had misspelled the context path in the appContext

Now it works as expected

Best regards

Matthias Keil

-----Ursprüngliche Nachricht-----
Von: Mark Thomas <ma...@apache.org> 
Gesendet: Montag, 22. November 2021 18:28
An: users@tomcat.apache.org
Betreff: Re: JASPIC Provider for FORM based Authentication

On 22/11/2021 12:00, Keil, Matthias (ORISA Software GmbH) wrote:
> Hello everyone,
> 
> I take up a topic of my own again. The point there was that I would like to accommodate both the configuration and the actual Server Auth module within the application.
> That worked well with your advice.
> 
> Unfortunately, I have now reached the point where this solution works for one application, but a parallel application on the same Tomcat then also uses the Server Auth module. There is a <login-config> entry in the web.xml of the second application.
> In my opinion, this is ignored as soon as JASPIC is configured for this Tomcat (either statically with jaspic-providers.xml or dynamically by implementing an AuthConfigProvider).
> 
> Now here are my questions:
> 1. Is there a possibility to activate the JASPIC provider for only one of the two applications?

The intention is that the appContext attribute for the provider in the jaspic-providers.xml file limits the JASPIC configuration to a single web application.

> 2. OR there is an AuthConfigProvider that could implement the FORM based authentication.

Not that I am aware of.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

AW: JASPIC Provider for FORM based Authentication

["Keil, Matthias (ORISA Software GmbH)" <Ma...@orisa.de>]

-----Ursprüngliche Nachricht-----
Von: Mark Thomas <ma...@apache.org> 
Gesendet: Montag, 22. November 2021 18:28
An: users@tomcat.apache.org
Betreff: Re: JASPIC Provider for FORM based Authentication

On 22/11/2021 12:00, Keil, Matthias (ORISA Software GmbH) wrote:
> Hello everyone,
> 
> I take up a topic of my own again. The point there was that I would like to accommodate both the configuration and the actual Server Auth module within the application.
> That worked well with your advice.
> 
> Unfortunately, I have now reached the point where this solution works for one application, but a parallel application on the same Tomcat then also uses the Server Auth module. There is a <login-config> entry in the web.xml of the second application.
> In my opinion, this is ignored as soon as JASPIC is configured for this Tomcat (either statically with jaspic-providers.xml or dynamically by implementing an AuthConfigProvider).
> 
> Now here are my questions:
> 1. Is there a possibility to activate the JASPIC provider for only one of the two applications?

The intention is that the appContext attribute for the provider in the jaspic-providers.xml file limits the JASPIC configuration to a single web application.

> 2. OR there is an AuthConfigProvider that could implement the FORM based authentication.

Not that I am aware of.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: JASPIC Provider for FORM based Authentication

[Mark Thomas <ma...@apache.org>]

On 22/11/2021 12:00, Keil, Matthias (ORISA Software GmbH) wrote:
> Hello everyone,
> 
> I take up a topic of my own again. The point there was that I would like to accommodate both the configuration and the actual Server Auth module within the application.
> That worked well with your advice.
> 
> Unfortunately, I have now reached the point where this solution works for one application, but a parallel application on the same Tomcat then also uses the Server Auth module. There is a <login-config> entry in the web.xml of the second application.
> In my opinion, this is ignored as soon as JASPIC is configured for this Tomcat (either statically with jaspic-providers.xml or dynamically by implementing an AuthConfigProvider).
> 
> Now here are my questions:
> 1. Is there a possibility to activate the JASPIC provider for only one of the two applications?

The intention is that the appContext attribute for the provider in the 
jaspic-providers.xml file limits the JASPIC configuration to a single 
web application.

> 2. OR there is an AuthConfigProvider that could implement the FORM based authentication.

Not that I am aware of.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org